Earlier this week, a second ransomware group came after Nashville-based clearing house Change Healthcare, according to Becker’s Hospital Review. Hackers known as Ransom Hub claim to possess Change data and are asking for payment, or else they would sell the information on the dark web.
Change confirmed to Becker’s that it was “aware of the reports.”
D#NUT ransomware gang claims Ready or Not dev Void Interactive as a victim
The developer of a SWAT-based first-person shooter has allegedly lost four terabytes of data including source code to a ransomware attack.
The D#NUT ransomware gang is claiming to have successfully exfiltrated four terabytes of data from Void Interactive, the developer of popular tactical shooter Ready or Not.
“voidinteractive.net you are welcome in our chat,” D#NUT declared on its dark net leak site on March 14.
“You has been pwned. All data related Ready Or Not will be posted here if u will keep silent. We got 4Tb of source code and game related data.”
The gang do not appear to be native English speakers.
“Send us a message via for on that blog as soon as possible. We will provide more profs (list of exfiltrated files).”
To add proof to its claim, the gang shared a link to the Imgur image-hosting site, and a screenshot of a list of various builds of the game in what appears to be a dev environment. More than 20 distinct builds are listed, for both PC and consoles, as well as various performance test builds.
The screenshot appears to be authentic.
D#NUT – whose leak site features a lurid illustration of the gang’s namesake – is a relatively small ransomware operation. Since it was first observed by threat tracker FalconFeeds.io in April 2023, the gang has claimed ten victims, with Void Interactive being the latest. Half of its victims have been North American organisations, with the rest spread across Europe and the UK.
However, the authenticity of the gang’s claims has been questioned by some observers. On February 5 the gang claimed to have successfully hacked the US Department of Defense, stealing documents related to a host of contractors, but one security analyst poured cold water on the claim.
“I would approach this claimed ‘breach’ by donut ransomware with caution and scepticism,” the X account CyberKnow posted on the same day.
“All the claimed US defence contractor victims have been posted to leak sites in the past year or two.”
There are some earlier incidents that D#NUT has taken responsibility for, while in…
Ransomware incidents remain a scourge on UK society. Based on interviews with victims and incident responders, this paper outlines the harm ransomware causes to organisations, individuals, the UK …
Is your organization a business associate? You could be subject to enforcement action if you fail to protect health information within your control from ransomware attacks.
In October, for the first time, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) reached a settlement agreement with a Health Insurance Portability and Accountability Act (HIPAA) business associate that was the victim of a ransomware attack. The business associate paid $100,000 to resolve allegations that it had failed to sufficiently protect the privacy and security of health information within its control.
Doctors’ Management Services (DMS), a medical practice management company that provides services such as medical billing and payor credentialing, acts as a business associate to several covered entities. On April 22, 2019, DMS informed HHS that DMS’s network server had been infected with GandCrab ransomware, affecting the electronic protected health information (e-PHI) of approximately 200,000 individuals. Although the initial intrusion occurred on April 1, 2017, DMS apparently did not detect the intrusion until December of the following year, when the ransomware was used to encrypt DMS’s files.
OCR’s investigation found evidence that DMS had failed to appropriately monitor its health information systems’ activity (for example, through audit logs, access reports and security incident tracking reports) and had failed to implement reasonable and appropriate policies and procedures to comply with the HIPAA Security Rule.
Under the settlement agreement, DMS agreed to pay $100,000 and to submit to a Corrective Action Plan under which DMS must update its Risk Analysis regarding the potential risks to the confidentiality, integrity and availability of e-PHI held by DMS, and provide documentation supporting a review of its current security measures and the level of risk to its e-PHI associated with network segmentation, network infrastructure, vulnerability scanning, logging and alerts and patch management. DMS must also provide workforce HIPAA training (among other things). OCR will monitor DMS for three years to ensure compliance.
In a press release…